security-tools/sigma-rules
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
face95058fee70c695abde69b2e5196f08a8bf68
sigma-rules/detection_rules/etc/deprecated_rules.json
T
github-actions[bot] ab6f28a380 Lock versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11 (#3223) 
* Locked versions for releases: 8.3,8.4,8.5,8.6,8.7,8.8,8.9,8.10,8.11

* Update detection_rules/etc/deprecated_rules.json

---------

Co-authored-by: terrancedejesus <terrancedejesus@users.noreply.github.com>
Co-authored-by: Terrance DeJesus <99630311+terrancedejesus@users.noreply.github.com>
2023-10-24 14:01:11 -04:00

342 lines
12 KiB
JSON
Raw Blame History

{
"041d4d41-9589-43e2-ba13-5680af75ebc2": {
"deprecation_date": "2023/09/25",
"rule_name": "Deprecated - Potential DNS Tunneling via Iodine",
"stack_version": "8.3"
},
"08d5d7e2-740f-44d8-aeda-e41f4263efaf": {
"deprecation_date": "2021/04/15",
"rule_name": "TCP Port 8000 Activity to the Internet",
"stack_version": "7.14.0"
},
"0968cfbd-40f0-4b1c-b7b1-a60736c7b241": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via cpulimit Shell Evasion",
"stack_version": "7.16"
},
"0c9a14d9-d65d-486f-9b5b-91e4e6b22bd0": {
"deprecation_date": "2023/07/03",
"rule_name": "Deprecated - Threat Intel Indicator Match",
"stack_version": "8.5"
},
"0f616aee-8161-4120-857e-742366f5eeb3": {
"deprecation_date": "2021/04/15",
"rule_name": "PowerShell spawning Cmd",
"stack_version": "7.14.0"
},
"10754992-28c7-4472-be5b-f3770fd04f2d": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via awk Commands",
"stack_version": "7.16"
},
"119c8877-8613-416d-a98a-96b6664ee73a5": {
"deprecation_date": "2021/08/02",
"rule_name": "AWS RDS Snapshot Export",
"stack_version": "7.13"
},
"120559c6-5e24-49f4-9e30-8ffe697df6b9": {
"deprecation_date": "2021/04/15",
"rule_name": "User Discovery via Whoami",
"stack_version": "7.14.0"
},
"125417b8-d3df-479f-8418-12d7e034fee3": {
"deprecation_date": "2022/07/25",
"rule_name": "Attempt to Disable IPTables or Firewall",
"stack_version": "7.16"
},
"139c7458-566a-410c-a5cd-f80238d6a5cd": {
"deprecation_date": "2021/04/15",
"rule_name": "SQL Traffic to the Internet",
"stack_version": "7.14.0"
},
"1859ce38-6a50-422b-a5e8-636e231ea0cd": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via c89/c99 Shell evasion",
"stack_version": "7.16"
},
"20dc4620-3b68-4269-8124-ca5091e00ea8": {
"deprecation_date": "2022/07/25",
"rule_name": "Auditd Max Login Sessions",
"stack_version": "7.16"
},
"231876e7-4d1f-4d63-a47c-47dd1acdc1cb": {
"deprecation_date": "2023/03/04",
"rule_name": "Potential Shell via Web Server",
"stack_version": "8.3"
},
"28896382-7d4f-4d50-9b72-67091901fd26": {
"deprecation_date": "2022/08/03",
"rule_name": "Suspicious Process from Conhost",
"stack_version": "7.16"
},
"2f0bae2d-bf20-4465-be86-1311addebaa3": {
"deprecation_date": "2022/10/04",
"rule_name": "GCP Kubernetes Rolebindings Created or Patched",
"stack_version": "8.3"
},
"3605a013-6f0c-4f7d-88a5-326f5be262ec": {
"deprecation_date": "2022/08/01",
"rule_name": "Potential Privilege Escalation via Local Kerberos Relay over LDAP",
"stack_version": "7.16"
},
"3a86e085-094c-412d-97ff-2439731e59cb": {
"deprecation_date": "2021/03/03",
"rule_name": "Setgid Bit Set via chmod",
"stack_version": "7.13"
},
"43303fd4-4839-4e48-b2b2-803ab060758d": {
"deprecation_date": "2022/09/13",
"rule_name": "Web Application Suspicious Activity: No User Agent",
"stack_version": "8.5"
},
"47f09343-8d1f-4bb5-8bb0-00c9d18f5010": {
"deprecation_date": "2021/03/17",
"rule_name": "Execution via Regsvcs/Regasm",
"stack_version": "7.14.0"
},
"4973e46b-a663-41b8-a875-ced16dda2bb0": {
"deprecation_date": "2023/09/25",
"rule_name": "Deprecated - Potential Process Injection via LD_PRELOAD Environment Variable",
"stack_version": "8.6"
},
"5e87f165-45c2-4b80-bfa5-52822552c997": {
"deprecation_date": "2022/03/16",
"rule_name": "Potential PrintNightmare File Modification",
"stack_version": "7.13"
},
"61c31c14-507f-4627-8c31-072556b89a9c": {
"deprecation_date": "2021/04/15",
"rule_name": "Mknod Process Activity",
"stack_version": "7.14.0"
},
"6506c9fd-229e-4722-8f0f-69be759afd2a": {
"deprecation_date": "2022/03/16",
"rule_name": "Potential PrintNightmare Exploit Registry Modification",
"stack_version": "7.13"
},
"67a9beba-830d-4035-bfe8-40b7e28f8ac4": {
"deprecation_date": "2021/04/15",
"rule_name": "SMTP to the Internet",
"stack_version": "7.14.0"
},
"68113fdc-3105-4cdd-85bb-e643c416ef0b": {
"deprecation_date": "2021/04/15",
"rule_name": "Query Registry via reg.exe",
"stack_version": "7.14.0"
},
"699e9fdb-b77c-4c01-995c-1c15019b9c43": {
"deprecation_date": "2023/07/03",
"rule_name": "Deprecated - Threat Intel Filebeat Module (v8.x) Indicator Match",
"stack_version": "8.5"
},
"6ea71ff0-9e95-475b-9506-2580d1ce6154": {
"deprecation_date": "2022/08/02",
"rule_name": "DNS Activity to the Internet",
"stack_version": "7.16"
},
"6f1500bc-62d7-4eb9-8601-7485e87da2f4": {
"deprecation_date": "2021/04/15",
"rule_name": "SSH (Secure Shell) to the Internet",
"stack_version": "7.14.0"
},
"6f683345-bb10-47a7-86a7-71e9c24fb358": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the find command",
"stack_version": "7.16"
},
"72d33577-f155-457d-aad3-379f9b750c97": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via env Shell Evasion",
"stack_version": "7.16"
},
"7a137d76-ce3d-48e2-947d-2747796a78c0": {
"deprecation_date": "2021/04/15",
"rule_name": "Network Sniffing via Tcpdump",
"stack_version": "7.14.0"
},
"7b08314d-47a0-4b71-ae4e-16544176924f": {
"deprecation_date": "2022/08/02",
"rule_name": "File and Directory Discovery",
"stack_version": "7.16"
},
"7d2c38d7-ede7-4bdf-b140-445906e6c540": {
"deprecation_date": "2021/04/15",
"rule_name": "Tor Activity to the Internet",
"stack_version": "7.14.0"
},
"81cc58f5-8062-49a2-ba84-5cc4b4d31c40": {
"deprecation_date": "2021/04/15",
"rule_name": "Persistence via Kernel Module Modification",
"stack_version": "7.14.0"
},
"83b2c6e5-e0b2-42d7-8542-8f3af86a1acb": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the mysql command",
"stack_version": "7.16"
},
"87ec6396-9ac4-4706-bcf0-2ebb22002f43": {
"deprecation_date": "2021/04/15",
"rule_name": "FTP (File Transfer Protocol) Activity to the Internet",
"stack_version": "7.14.0"
},
"89583d1b-3c2e-4606-8b74-0a9fd2248e88": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the vi command",
"stack_version": "7.16"
},
"8fed8450-847e-43bd-874c-3bbf0cd425f3": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via apt/apt-get Changelog Escape",
"stack_version": "7.16"
},
"90e28af7-1d96-4582-bf11-9a1eff21d0e5": {
"deprecation_date": "2022/07/25",
"rule_name": "Auditd Login Attempt at Forbidden Time",
"stack_version": "7.16"
},
"97da359b-2b61-4a40-b2e4-8fc48cf7a294": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the SSH command",
"stack_version": "7.16"
},
"97f22dab-84e8-409d-955e-dacd1d31670b": {
"deprecation_date": "2021/04/15",
"rule_name": "Base64 Encoding/Decoding Activity",
"stack_version": "7.14.0"
},
"9cf7a0ae-2404-11ed-ae7d-f661ea17fbce": {
"deprecation_date": "2023/02/16",
"rule_name": "Google Workspace User Group Access Modified to Allow External Access",
"stack_version": "8.4"
},
"9d110cb3-5f4b-4c9a-b9f5-53f0a1707ae1": {
"deprecation_date": "2021/04/15",
"rule_name": "Trusted Developer Application Usage",
"stack_version": "7.14.0"
},
"a4ec1382-4557-452b-89ba-e413b22ed4b8": {
"deprecation_date": "2020/10/30",
"rule_name": "Network Connection via Mshta",
"stack_version": "7.10.0"
},
"a5f0d057-d540-44f5-924d-c6a2ae92f045": {
"deprecation_date": "2023/06/22",
"rule_name": "Potential SSH Brute Force Detected on Privileged Account",
"stack_version": "8.3"
},
"a9198571-b135-4a76-b055-e3e5a476fd83": {
"deprecation_date": "2021/04/15",
"rule_name": "Hex Encoding/Decoding Activity",
"stack_version": "7.14.0"
},
"ad0e5e75-dd89-4875-8d0a-dfdc1828b5f3": {
"deprecation_date": "2021/04/15",
"rule_name": "Proxy Port Activity to the Internet",
"stack_version": "7.14.0"
},
"b1c14366-f4f8-49a0-bcbb-51d2de8b0bb8": {
"deprecation_date": "2021/04/15",
"rule_name": "Potential Persistence via Cron Job",
"stack_version": "7.14.0"
},
"c6474c34-4953-447a-903e-9fcb7b6661aa": {
"deprecation_date": "2021/04/15",
"rule_name": "IRC (Internet Relay Chat) Protocol Activity to the Internet",
"stack_version": "7.14.0"
},
"c87fca17-b3a9-4e83-b545-f30746c53920": {
"deprecation_date": "2021/04/15",
"rule_name": "Nmap Process Activity",
"stack_version": "7.14.0"
},
"cab4f01c-793f-4a54-a03e-e5d85b96d7af": {
"deprecation_date": "2022/07/25",
"rule_name": "Auditd Login from Forbidden Location",
"stack_version": "7.16"
},
"cc16f774-59f9-462d-8b98-d27ccd4519ec": {
"deprecation_date": "2021/04/15",
"rule_name": "Process Discovery via Tasklist",
"stack_version": "7.14.0"
},
"cd4d5754-07e1-41d4-b9a5-ef4ea6a0a126": {
"deprecation_date": "2021/04/15",
"rule_name": "Socat Process Activity",
"stack_version": "7.14.0"
},
"d2053495-8fe7-4168-b3df-dad844046be3": {
"deprecation_date": "2021/04/15",
"rule_name": "PPTP (Point to Point Tunneling Protocol) Activity",
"stack_version": "7.14.0"
},
"d6450d4e-81c6-46a3-bd94-079886318ed5": {
"deprecation_date": "2022/07/28",
"rule_name": "Strace Process Activity",
"stack_version": "7.16"
},
"da986d2c-ffbf-4fd6-af96-a88dbf68f386": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the gcc command",
"stack_version": "7.16"
},
"dc672cb7-d5df-4d1f-a6d7-0841b1caafb9": {
"deprecation_date": "2022/01/12",
"rule_name": "Threat Intel Filebeat Module (v7.x) Indicator Match",
"stack_version": "8.0"
},
"dd7f1524-643e-11ed-9e35-f661ea17fbcd": {
"deprecation_date": "2023/07/04",
"rule_name": "Reverse Shell Created via Named Pipe",
"stack_version": "8.3"
},
"df959768-b0c9-4d45-988c-5606a2be8e5a": {
"deprecation_date": "2022/07/25",
"rule_name": "Unusual Process Execution - Temp",
"stack_version": "7.16"
},
"e0dacebe-4311-4d50-9387-b17e89c2e7fd": {
"deprecation_date": "2022/08/02",
"rule_name": "Whitespace Padding in Process Command Line",
"stack_version": "7.16"
},
"e56993d2-759c-4120-984c-9ec9bb940fd5": {
"deprecation_date": "2021/04/15",
"rule_name": "RDP (Remote Desktop Protocol) to the Internet",
"stack_version": "7.14.0"
},
"e9b4a3c7-24fc-49fd-a00f-9c938031eef1": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via busybox Shell Evasion",
"stack_version": "7.16"
},
"ea0784f0-a4d7-4fea-ae86-4baaf27a6f17": {
"deprecation_date": "2021/04/15",
"rule_name": "SSH (Secure Shell) from the Internet",
"stack_version": "7.14.0"
},
"eb6a3790-d52d-11ec-8ce9-f661ea17fbce": {
"deprecation_date": "2023/07/31",
"rule_name": "Suspicious Network Connection Attempt by Root",
"stack_version": "8.3"
},
"ee619805-54d7-4c56-ba6f-7717282ddd73": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via crash Shell evasion",
"stack_version": "7.16"
},
"f52362cd-baf1-4b6d-84be-064efc826461": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via flock Shell evasion",
"stack_version": "7.16"
},
"fb9937ce-7e21-46bf-831d-1ad96eac674d": {
"deprecation_date": "2022/07/25",
"rule_name": "Auditd Max Failed Login Attempts",
"stack_version": "7.16"
},
"fd3fc25e-7c7c-4613-8209-97942ac609f6": {
"deprecation_date": "2022/05/09",
"rule_name": "Linux Restricted Shell Breakout via the expect command",
"stack_version": "7.16"
}
}
Reference in New Issue View Git Blame Copy Permalink